From 14fb770e2049475ede9e08f45bc1870336068907 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Sun, 18 Feb 2024 10:10:58 +0100
Subject: [PATCH] infra: migrate secrets and rename helmrepo files
---
 adopt-secrets.sh | 50 +++++++++++++++++++
 ...rs-n8n-helmrepository.yaml => 8gears.yaml} | 3 +-
 infrastructure/sources/calcom.yaml | 8 +++
 ...rgejo-helmrepository.yaml => forgejo.yaml} | 0
 .../{gitea-helmrepository.yaml => gitea.yaml} | 0
 ...-helmrepository.yaml => invoiceninja.yaml} | 0
 ...robjuz-helmrepository.yaml => robjuz.yaml} | 0
 ...ts-helmrepository.yaml => truecharts.yaml} | 0
 ...kunja-helmrepository.yaml => vikunja.yaml} | 0
 9 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100755 adopt-secrets.sh
 rename infrastructure/sources/{8gears-n8n-helmrepository.yaml => 8gears.yaml} (85%)
 create mode 100644 infrastructure/sources/calcom.yaml
 rename infrastructure/sources/{forgejo-helmrepository.yaml => forgejo.yaml} (100%)
 rename infrastructure/sources/{gitea-helmrepository.yaml => gitea.yaml} (100%)
 rename infrastructure/sources/{invoiceninja-helmrepository.yaml => invoiceninja.yaml} (100%)
 rename infrastructure/sources/{robjuz-helmrepository.yaml => robjuz.yaml} (100%)
 rename infrastructure/sources/{truecharts-helmrepository.yaml => truecharts.yaml} (100%)
 rename infrastructure/sources/{vikunja-helmrepository.yaml => vikunja.yaml} (100%)
diff --git a/adopt-secrets.sh b/adopt-secrets.sh
new file mode 100755
index 0000000..71a911c
--- /dev/null
+++ b/adopt-secrets.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+# Copied from Stackspin with slight adjustment to include all new secrets
+set -o errexit
+secrets=$(kubectl get -A 'stringsecrets.v1alpha1.secretgenerator.mittwald.de' | tail +2 | awk '{print $2}' | paste -s -d ' ')
+for secret in $secrets
+do
+ echo "Processing secret $secret"
+ if currentRefs=$(kubectl get secret -n flux-system $secret -o jsonpath={.metadata.ownerReferences})
+ then
+ if [ -n "$currentRefs" ]
+ then
+ echo "There are refs set already, skip."
+ continue
+ fi
+
+ uid=$(kubectl get stringsecret -n flux-system $secret -o jsonpath={.metadata.uid})
+ echo "Patching to add owner reference to StringSecret with uid $uid"
+ kubectl patch secret -n flux-system $secret --patch="{\"metadata\":{\"ownerReferences\":[{\"apiVersion\":\"secretgenerator.mittwald.de/v1alpha1\",\"blockOwnerDeletion\":true,\"controller\":true,\"kind\":\"StringSecret\",\"name\":\"$secret\",\"uid\":\"$uid\"}]}}"
+ else
+ echo "Secret does not exist; perhaps this is a new install or the app is not installed. Skipping."
+ fi
+done
+
+secrets="stackspin-alertmanager-basic-auth stackspin-prometheus-basic-auth"
+for secret in $secrets
+do
+ echo "Processing secret $secret"
+ if currentRefs=$(kubectl get secret -n stackspin $secret -o jsonpath={.metadata.ownerReferences})
+ then
+ if [ -n "$currentRefs" ]
+ then
+ echo "There are refs set already, skip."
+ continue
+ fi
+
+ uid=$(kubectl get basicauth -n stackspin $secret -o jsonpath={.metadata.uid})
+ echo "Patching to add owner reference to BasicAuth with uid $uid"
+ kubectl patch secret -n stackspin $secret --patch="{\"metadata\":{\"ownerReferences\":[{\"apiVersion\":\"secretgenerator.mittwald.de/v1alpha1\",\"blockOwnerDeletion\":true,\"controller\":true,\"kind\":\"BasicAuth\",\"name\":\"$secret\",\"uid\":\"$uid\"}]}}"
+ else
+ echo "Secret does not exist; perhaps this is a new install or the app is not installed. Skipping."
+ fi
+done
+
+echo "Done patching secrets."
+echo "Restarting secrets controller."
+if ! kubectl rollout restart deploy -n secrets-controller secrets-controller-kubernetes-secret-generator
+then
+ echo "Restarting failed. Possibly this is a new install and the secrets controller is not installed yet. Ignoring."
+fi
+echo "adopt-secrets completed"
diff --git a/infrastructure/sources/8gears-n8n-helmrepository.yaml b/infrastructure/sources/8gears.yaml
similarity index 85%
rename from infrastructure/sources/8gears-n8n-helmrepository.yaml
rename to infrastructure/sources/8gears.yaml
index 312cfc2..b043829 100644
--- a/infrastructure/sources/8gears-n8n-helmrepository.yaml
+++ b/infrastructure/sources/8gears.yaml
@@ -1,7 +1,8 @@
+# 8gears for n8n
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
- name: 8gears-n8n
+ name: 8gears
 namespace: flux-system
 spec:
 interval: 60m
diff --git a/infrastructure/sources/calcom.yaml b/infrastructure/sources/calcom.yaml
new file mode 100644
index 0000000..cb0a3e6
--- /dev/null
+++ b/infrastructure/sources/calcom.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: calcom
+ namespace: flux-system
+spec:
+ interval: 60m
+ url: https://pyrrha.github.io/calcom-helm
diff --git a/infrastructure/sources/forgejo-helmrepository.yaml b/infrastructure/sources/forgejo.yaml
similarity index 100%
rename from infrastructure/sources/forgejo-helmrepository.yaml
rename to infrastructure/sources/forgejo.yaml
diff --git a/infrastructure/sources/gitea-helmrepository.yaml b/infrastructure/sources/gitea.yaml
similarity index 100%
rename from infrastructure/sources/gitea-helmrepository.yaml
rename to infrastructure/sources/gitea.yaml
diff --git a/infrastructure/sources/invoiceninja-helmrepository.yaml b/infrastructure/sources/invoiceninja.yaml
similarity index 100%
rename from infrastructure/sources/invoiceninja-helmrepository.yaml
rename to infrastructure/sources/invoiceninja.yaml
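Review bot: In adopt-secrets.sh the first `secrets=` line lists StringSecrets with `kubectl get -A` and keeps only the NAME column, while every later lookup and patch is pinned to `-n flux-system`, so a StringSecret that lives in another namespace is looked up in the wrong place and the failing `uid=$(kubectl get stringsecret ...)` aborts the whole run under `errexit`. If only flux-system is meant, `secrets=$(kubectl get stringsecrets.v1alpha1.secretgenerator.mittwald.de -n flux-system -o jsonpath='{.items[*].metadata.name}')` fixes that and also removes the `tail +2 | awk | paste` pipeline, where a kubectl failure is masked because `pipefail` is not set; otherwise the namespace has to be carried through the loop. Because the patch sets a controller ownerReference, which ties the Secret's lifetime to its owner, I would also guard it with `[ -n "$uid" ] || continue` and quote `"$secret"` in the kubectl calls; the same applies to the BasicAuth loop.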
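Review bot: Changing `metadata.name` from `8gears-n8n` to `8gears` in infrastructure/sources/8gears.yaml renames the HelmRepository object itself, not just the file, and the diffstat shows no HelmRelease being updated alongside it. Any `sourceRef` that still points at `8gears-n8n` would presumably stop resolving once the old object is gone, so it is worth confirming that the n8n release references `name: 8gears` before this is reconciled.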
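Review bot: The new infrastructure/sources/calcom.yaml declares `apiVersion: source.toolkit.fluxcd.io/v1beta1`, while 8gears.yaml in this same commit uses `v1beta2`; I would align it to `apiVersion: source.toolkit.fluxcd.io/v1beta2` so the source does not depend on the older API version still being served. The chart source is a personal GitHub Pages repository, so whatever it publishes is installed with the release's permissions. The HelmRelease that consumes it is not part of this hunk; it should pin an exact chart version rather than a range, and a leading comment such as `# calcom chart, upstream: <project URL>` would help later review of this source.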
diff --git a/infrastructure/sources/robjuz-helmrepository.yaml b/infrastructure/sources/robjuz.yaml
similarity index 100%
rename from infrastructure/sources/robjuz-helmrepository.yaml
rename to infrastructure/sources/robjuz.yaml
diff --git a/infrastructure/sources/truecharts-helmrepository.yaml b/infrastructure/sources/truecharts.yaml
similarity index 100%
rename from infrastructure/sources/truecharts-helmrepository.yaml
rename to infrastructure/sources/truecharts.yaml
diff --git a/infrastructure/sources/vikunja-helmrepository.yaml b/infrastructure/sources/vikunja.yaml
similarity index 100%
rename from infrastructure/sources/vikunja-helmrepository.yaml
rename to infrastructure/sources/vikunja.yaml